$OpenBSD: patch-lib_Xm_Xpmcreate_c,v 1.2 2007/07/18 21:41:05 mbalmer Exp $
--- lib/Xm/Xpmcreate.c.orig	Tue Dec  6 18:31:15 2005
+++ lib/Xm/Xpmcreate.c	Sat Jun 30 10:39:31 2007
@@ -1,4 +1,5 @@
 /* $XConsortium: Xpmcreate.c /main/8 1996/09/20 08:15:02 pascale $ */
+/* $XdotOrg: pre-CVS proposed fix for CESA-2004-003 alanc 7/25/2004 $ */
 /*
  * Copyright (C) 1989-95 GROUPE BULL
  *
@@ -809,6 +810,9 @@ XpmCreateImageFromXpmImage(display, image,
     if (image->ncolors >= UINT_MAX / sizeof(Pixel)) 
 	return (XpmNoMemory);
 
+    if (image->ncolors >= SIZE_MAX / sizeof(Pixel)) 
+	return (XpmNoMemory);
+
     /* malloc pixels index tables */
     image_pixels = (Pixel *) XpmMalloc(sizeof(Pixel) * image->ncolors);
     if (!image_pixels)
@@ -2254,6 +2258,9 @@ ParseAndPutPixels(dc, data, width, height, ncolors, cp
  	    if (ncolors > 256)
  		return (XpmFileInvalid);
 
+	    if (ncolors > 256)
+		    return (XpmFileInvalid);
+
 	    bzero((char *)colidx, 256 * sizeof(short));
 	    for (a = 0; a < ncolors; a++)
 		colidx[(unsigned char)colorTable[a].string[0]] = a + 1;
@@ -2351,6 +2358,9 @@ if (cidx[f]) XpmFree(cidx[f]);}
 	{
 	    char *s;
 	    char buf[BUFSIZ];
+
+	    if (cpp >= sizeof(buf))
+		return (XpmFileInvalid);
 
 	    if (cpp >= sizeof(buf))
 		return (XpmFileInvalid);
